A – QUESTIONS
1. How high do you assess the knowledge level of the business strategy throughout the company by the average employee? Is it your assessment that there is a robust understanding of JAA's business strategy? Support your position with examples.
2. As you are aware, effective implementation of ISO 31000 involves effective design and implementation of a risk management framework and effective implementation of the risk management processes. This will be verified by incorporation of 11 key principles. Find an example in the case for each of the 11 principles in action.
3. Why is it important that the company be able to identify JAA's major stakeholders? How should a company identify its stakeholders? What is meant by the concept that stakeholders select the company instead of the company selects the stakeholders?
4. What characteristics do you see in the board of directors that lend themselves to a strong tone at the top and a culture that fully embraces risk management?
5. If you compare the internal audit department at JAA to several that you know of currently in the marketplace, what are some of the major differences that you see at JAA that obviously have contributed to superior performance? What is unique and refreshing about the approach to the external audit as compared to what you have seen in industry?
6. What is your opinion of the risk (event) identification techniques in place at JAA? How do you think that the company evolved to using such techniques?
7. What is the linkage at JAA between the strategic objectives, context, stakeholders, and risk criteria? Support your comments with specific examples of the link in these four areas.
8. Why is it important that risk criteria be created as per JAA? Do you think it is possible for any reasonable risk treatment plan to be in place without creation of such criteria?
9. Review the risk management policy in Appendix B and describe the kinds of things that constitute a best-in-class policy.
10. What other types of general or specific polices can you describe to manage risks?
11. Why is it that "tone at the top" and a strong risk culture are critical components for a company's success, such as what you see at JAA?